[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossig] single sign-on, SSH, VSFTP trouble

Hi all,

I have cracked my head over the week on this problem that I believe is a
simple one. Alas, its eluding me. Maybe one of you can see the solution
to the following problems.

I have Fedora Core 2 where users are authenticated to a MS Windows
Server (ADS maintains the user/password). All is fine can surf, email,
network. The name "domainuser" is authenticated by the ADS to
apiit.edu.my without problems. The host.deny is empty. My suspect is in
the PAM files at this moment. I list out the problems and symptoms. 

A) Problem:

1. local and remote users cannot login to VSFTP and SSH. I can only
connect via SSH if I issue the following:
ssh -l "domainuser" -o KerberosAuthentication=yes localhost

but for local user "linuxuser" it gives "Read from remote host
localhost: Connection reset by peer" and cannot login.

2. I can create a local user. Problem is I cannot login to either above
two service or to linux locally. How?

3. How else can I trace/troubleshoot?

B) Symptoms at FTP session:
1. I try to establish the connection. After the password it hangs for a
long time.
# ftp localhost
Connected to localhost (
220 Welcome to Nicholas FTP services
Name (localhost:nicholas): linuxuser
331 Please specify the password.
Password: ****

2. after a long time it displays
421 Timeout.
Login failed.
No control connection for command: Permission denied

3. I have placed the following to confirm that TCP wrappers are used in
vsftpd : ALL : spawn /bin/echo `/bin/date` Saya pakai tcp_wrappers
dengan VSFTP >> /var/log/messages

4. The messages "Saya pakai tcp_wrappers dengan VSFTP" appears in the

C) Symptoms at SSH session:
1. I try to establish SSH
# ssh -l linuxuser localhost
linuxuser@localhost's password: ***

2. After a long time
Read from remote host localhost: Connection reset by peer
Connection to localhost closed.

3. The /var/log/messages file shows my customised message "sshd using
tcp_wrappers" that hosts.allow is executed. It say granted access, but I
have a connection closed.

sshd using tcp_wrappers
pam_winbind[7183]: user 'linuxuser' granted access

D) contents of pam.d/vsftpd
auth       required     pam_listfile.so item=user sense=deny
file=/etc/vsftpd.ftpusers onerr=succeed
auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

To unsubscribe: send mail to ossig-request@mncc.com.my
with "unsubscribe ossig" in the body of the message